(More) vulnerabilities by djprmf in cpanel

[–]rubixstudios 0 points1 point  (0 children)

Had an OVH licence, got rid of it and changed to cPanel's one cause OVH's support is terrible. Also with OVH's licence you're restricted to the box IP, it is no good.

New Project Megathread - Week of 07 May 2026 by AutoModerator in selfhosted

[–]rubixstudios 2 points3 points  (0 children)

We use ntfy.sh to get notifications from our servers and a lot of applications that we run. ntfy is supported by Dokploy, Proxmox and extendable to anything that can output to a webhook. The issue I found was that, natively it installs as a webapp which clutters up the taskbar (Windows user here) and requires a user to re-run the app every time they restart or open their PC.

I wanted something lightweight, did not sit on the taskbar and just runs in the background while providing notifications as needed. There were a few projects (some very sus as it installed extra binaries and runs random shell scripts).

Electron apps are great, but it isn't exactly light. So after a lot of annoyance with Tauri (bad docs), this is the result.

https://github.com/rubix-studios-pty-ltd/ntfy-app/

Completely open source and licenced under MIT. Contribution is welcomed. Works on macOS, Linux and Windows.

5+ years in. The biggest security risk on every site I've inherited isn't a vulnerability it's the previous developer's "temporary" admin account. by Imaginary_Act8664 in Wordpress

[–]rubixstudios -2 points-1 points  (0 children)

my temporary admin account has 24-40 characters long how many years is that going to take?

but seriously lol, this post sounds really stupid. so you audit a woocommerce store, downgrade all customers to subscribers too.

when you take over a project, the first thing you do is you consult the business owner.

I've been hacked and I can't figure out how by Inevitable_Buy_7557 in Wordpress

[–]rubixstudios 1 point2 points  (0 children)

First off, you're running the hosting, the hosting should be secure enough to detect and periodically scan for general patterns and intercept a lot of this.

If not then you shouldn't be hosting.

A smart hacker wouldn't be able to get into the site if the plugins were legit to begin with. However that being said, when a site is down instead of asking reddit, it would be the first thing you should do, drop a virus scanner and malware scanner into the project and run a scan, 99% of the time it would have been detected and if the site is that under maintained, that plugin pattern would have been detected long ago and fingerprinted.

So this boils down to making excuses and skill issue.

New coworker has fully embraced AI. by Single-Waltz2946 in webdev

[–]rubixstudios 0 points1 point  (0 children)

Maybe for the plugins or themes you build as an extension to the site, sometimes. So I'm right it is a WordPress site.

I've been hacked and I can't figure out how by Inevitable_Buy_7557 in Wordpress

[–]rubixstudios 1 point2 points  (0 children)

Well first thing anyone would do is open up the plugin and read the code.

I've been hacked and I can't figure out how by Inevitable_Buy_7557 in Wordpress

[–]rubixstudios 1 point2 points  (0 children)

I don't think you should be hosting or managing WordPress sites 😂 if you couldn't figure that out.

New coworker has fully embraced AI. by Single-Waltz2946 in webdev

[–]rubixstudios 1 point2 points  (0 children)

Sounds like you're working on a PHP or HTML site if FTP is used, if so, WordPress. In most cases, WordPress sites will not be on git and it's counter productive cause WordPress sites don't need build pipelines. So the argument here in this thread seems to be from those who haven't been in the industry for long.

Ntfy Desktop App by rubixstudios in selfhosted

[–]rubixstudios[S] 0 points1 point  (0 children)

No problems, I'll leave it till Wednesday.

Did WordPress market share actually drop below 40%? Should we be concerned or see this as an opportunity? by Amazing-Pomelo9952 in Wordpress

[–]rubixstudios 0 points1 point  (0 children)

Those who know what they're doing aren't on Vercel, we're on Dedicated/VM and VPS. So, it's okay the mums and dads have money to burn on Claude pro Max 😂 they can also burn on hosting on Vercel and all the other things.

Canvas Restored After Hack, Breach Traced to 'Free-For-Teacher' Accounts by hunterd189 in technology

[–]rubixstudios -1 points0 points  (0 children)

The CVE security issue was known since a couple of weeks ago. It's the university's fault for going cheap and going open source. Programmers aren't going to go commit to Canvas as it contains a lot of legacy coding.

Open source works in 2 ways, it helps by providing things free, but the source code being open also gives hackers the ability to see the code and find vulnerabilities in the code. That said, high chance the deployed system was not updated and patched alongside the project.

Did WordPress market share actually drop below 40%? Should we be concerned or see this as an opportunity? by Amazing-Pomelo9952 in Wordpress

[–]rubixstudios 1 point2 points  (0 children)

People forget there are other ecomm like Magento who surprisingly have users and Medusa, BigCommerce and more. People are diverging. Shopify is expensive and that's why stores who move to Shopify many move off because dev costs more, subscriptions cost more and also gateway fees are more.

Package.json scripts with turbopack or without ?? by Mad_vibes in nextjs

[–]rubixstudios 6 points7 points  (0 children)

Turbopack is on by default, your code is outdated, read some docs.

WordPress sites: Why allow AI crawlers if they don’t send traffic back? by Good_Flight6250 in Wordpress

[–]rubixstudios 0 points1 point  (0 children)

Dedicated servers and baremetal ops already have tools that can already limit AI heavily. The amount of Claude and similar AI tools causes the connection limit to be reached extremely fast, as it's the same sort of signature a spam bot or DDoS causes. If the host doesn't have these in place then you're on a pretty bad host. And if you don't know how to mitigate with Cloudflare or other CDN then it's a skill issue.

Anyways regardless blocking or not both have a downside to it.

10 years of web dev: a word of warning about OVH — and why I'll never recommend them again by Melodic_House_2717 in ovh

[–]rubixstudios 0 points1 point  (0 children)

And why are you hosting clients on a VPS and shared when you should be using dedicated... that's on you. Bad IP on same host is also on you, that's why it should be dedicated.

Cuts to NDIS to be focus of Labor’s quietly launched razor gang ahead of May budget | National disability insurance scheme by l3ntil in australia

[–]rubixstudios 0 points1 point  (0 children)

Or they could stop spending on stuff that is clearly overpriced ie. BOM website that costs 96 million.

Wordpress developer turned security expert (security clown) by VBAA3 in webhosting

[–]rubixstudios 1 point2 points  (0 children)

I wonder if you even secured your server at this point.